Tag Archives: Twitter

GCHQ – General Chit-chat, Hazy Questions?

Photo by Jenny Mealing (jennifrog) used under Creative Commons.

Yesterday’s questioning of intelligence chiefs by Members of Parliament is a first in British history. The momentous occasion was preceded by anticipation that the three big authorities, MI5, MI6 and GCHQ, would offer an open and transparent account of the extent of their surveillance operations, in particular GCHQ. Mass data collection by the UK security agencies has been suspected, or in a few cases disclosed, for some time. However, I was struck by how little new information was actually shared and by the disappointingly weak line of questioning. One important area, for example, which wasn’t clarified at all was how the practice of sifting through who is a ‘threat’ and who isn’t is qualified; neither was the deliberate and systematic undermining of international cryptographic standards. The responses in the areas of “mass data collection” even appeared to give the lie to earlier assurances that only metadata was collected and that content never was, yet that area was never explored. This assurance has now given way to a somewhat disingenuous assurance that “the people who work in GCHQ” simply would not look at the content, unless sufficient justification exists. In fact, they would “leave the building” if they were asked to “snoop”… Maybe part of the obvious disconnect is that those earlier assurances came from politicians themselves rather than the intelligence community.

For any commercial entity, the Data Protection Act regulates and governs processing of personal information. Intelligence agencies and law enforcement, of course, benefit from a number of exceptions from those same rules, so it has been left indefinite who in the back rooms is looking out for the interests of the general public. A vague personal assurance that data belonging to “non-threats” are not viewed, and that candidates for GCHQ would not be employed if they were the sort to be tempted to do so, is not the same as a binding contract within a legal framework. Besides, somebody must have trusted Edward Snowden in a similar way at some point…

Speaking of Snowden, it would also have been helpful for some questions to have been asked to shed light on the relationships between GCHQ and foreign intelligence agencies: do they accept requests from other nations to surrender their data on UK citizens? A recent report on mass surveillance of personal data that came to light on the same day as the inquiry shows that the NSA sent millions of records every day from internal networks to data warehouses at the agency’s headquarters. The US National Security Agency (NSA) is clearly working in collaboration with GCHQ; just how much is UK law helping the NSA to circumvent US law and vice versa, and what is the relationship here? Just for example, how does a contractor in the US, to US intelligence services, end up with access to so much highly damaging sensitive information about British spy agencies?

It will be very interesting to see how the requirements of the security agencies, which were voiced in the February 2013 response to the Draft Communications Data Bill, (Intelligence Committee response, “Access to communications data by the intelligence and security Agencies (PDF)“) influence the next draft of that same bill. The somewhat chilling conclusion of that Intelligence Committee response includes the statement that:

“Any move to introduce judicial oversight of the authorisation process could have a significant impact on the Agencies’ operational work. It would also carry a financial cost. We are not convinced that such a move is justified in relation to the Agencies, and believe that retrospective review by the Interception of Communications Commissioner, who provides quasi-judicial oversight, is a sufficient safeguard.”

Of course there will be further sessions both in camera and hopefully more public questioning. While it is clear that, in the interests of national security, many aspects of surveillance programmes cannot and should not be revealed, the level of public trust in the very people that have been charged with protecting our liberty is at such a low that only unprecedented steps stand any chance of restoring our faith.

It seems we truly do live in Interesting Times, which is, more often than not, a curse.

Condemned to repeat?

Spy vs Spy

used by permission from Tony the Misfit on Flickr

“Progress, far from consisting in change, depends on retentiveness. When change is absolute there remains no being to improve and no direction is set for possible improvement: and when experience is not retained, as among savages, infancy is perpetual. Those who cannot remember the past are condemned to repeat it.” – George Santayana, 1906

As far back as 2006 the Surveillance Studies Network described the UK as being ‘the most surveilled country’ among the industrialized Western states.

In March 2009 I blogged about the implementation of the EU directive on data retention among ISPs and how that related to a government project known then as the Interception Modernisation Programme. This initiative was aimed at collating, aggregating and storing every text, email and telephone call made and every website visited, by every person in the UK. The page I linked to in that old blog post has disappeared, along with almost any mention of the initiative on the Home Office site (apart from this PDF). The project was apparently shelved due to a lack of public support (shocker, I know).

When in opposition, the Conservative party (the senior partner in the current coalition government in the UK) opposed the plans, citing the Labour party’s “reckless” record on privacy.

However, no news is not always good news. This particular beast was not dead, only sleeping. It has risen again, with a new name and an even wider remit to snoop. The new plans, now known as the “Communications Capabilities Development programme” (sounds a bit nicer doesn’t it?) have apparently broadened in scope to include not only SMS, telephone, email and web site data, but also “instant messaging, texting, social networking or online gaming generate communications data”.

No legislation has yet been announced, but the Home Office is very clear that associated legislation will be announced in Parliament “in due course“.

If your national or local postal service were to open and check every letter you sent in order to keep a record of whom you correspond with, would you not be outraged? What if the postal service then made all this information available to over 600 public bodies such as local councils and police forces on request?

The Home Office insist that this information is vital for fighting crime and terrorism; but is this legislation really going to be effective against the people at whom it is supposedly aimed?

If national governments and law enforcement organisations truly believe that online criminals and international terrorists don’t know how to hide their online traces, then we have a bigger problem than we thought (sending an encrypted email with spoofed sender address from an Internet café is only lesson one).

On the other hand, if those same governments and law enforcement organisations are actually fully aware of the ease with which online crime is perpetrated, and online traces hidden, then wouldn’t it have made more sense to take the time, money and technology necessary for a scheme of this magnitude and direct it towards a more worthy cause? To a few more online police on the Internet beat and to building international standards that truly work and are truly global in remit, instead of the paltry £30 million (over 4 years) dedicated to investigating and combating cybercrime?

Keep your ear to the ground on this issue and if you have a view, make it known to your local democratic representative.

You can’t fight the power, but the power has shifted.

One of the largest file sharing services on the Internet was shut down yesterday in US legal action. The site is charged with violation of copyright laws. The indictment (now available on scribd) charges seven individuals with online piracy, four of whom have already been arrested in New Zealand. This 72-page document also details the estimated cost to copyright holders at more than $500 million USD, while the accused themselves allegedly earned $175 million in advertising revenue. The maximum penalty for the offenders could total 50 years of jail time.
 
Search warrants were executed in nine countries and 18 domain names, including mega-upload.com, were seized along with associated servers.
 
This indictment, unsealed right in the middle of impassioned debate over SOPA and PIPA, quickly aroused the wrath of the Internet community, particularly Anonymous, who have been exhorting their supporters to participate in Distributed Denial of Service attacks against US government web sites including the Dept of Justice, the FBI, the Copyright Office and the RIAA and MPAA, who were successfully taken offline as a result.
 
Anonymous supporters have been using the Low Orbit Ion Cannon (previously detailed here) as well as a new technique of embedded JavaScript. Several web pages have been loaded with JavaScript and the simple act of rendering that page in a web browser will in most cases recruit the browsing computer to the DDoS attack. The attacks have attracted a high level of participation and public sympathy and quickly became a trending topic on Twitter under the #OpMegaupload hashtag.
 
Akamai’s Real-time Web Monitor is currently showing attack traffic online at more than 24% above normal, giving some idea of the scope and geographic spread of public sympathy.
 
Whatever your views on online file sharing, there is no denying that this is an issue urgently in need of a solution. Consumers, artists and corporations seem to have devised workable methods in the music industry. A return to the generation of income through live performance has reinvigorated the music scene in many countries and cities. Artists have harnessed the power of the Internet for a direct sales model that bypasses the increasingly archaic music industry, and online music stores have evolved to facilitate this, with the participation of the corporations, providing music at reasonable cost. It could even be argued that the new iTunes Match service represents the capitulation of the music industry to the new reality of illegal downloads. This model is beginning to be repeated in the printed world too.
 
In the early 1900s music publishers decried the arrival of the “player piano” as a threat to their way of life; when I was a kid, every record bore the legend “Home taping is killing music”; Hollywood was scared to death at the advent of the VCR…
 
The simple truth is, technology ever advances and with it come new opportunities. Many consumers are taking advantage of those opportunities to access copyrighted material quickly, easily and cheaply (or for free). It is only by facilitating that behaviour, backed by a forward-looking business model, that the traditional industry can hope to survive into the future.
 
It’s true that you can’t fight the power, but the power has shifted.